A vulnerability has been identified in the uBlock Origin system for blocking unwanted content that allows a crash or memory exhaustion to occur when navigating to a specially designed URL, if this URL falls under strict blocking filters. The vulnerability only appears when directly navigating to the problematic URL, for example when clicking on a link.
The vulnerability is fixed in the uBlock Origin 1.36.2 update. The uMatrix add-on also suffers from a similar problem, but it has been discontinued and updates are no longer released. There are no security workarounds in uMatrix (initially it was suggested to disable all strict blocking filters through the “Assets” tab, but this recommendation was found to be insufficient and creates problems for users with their own blocking rules). In ηMatrix, a fork of uMatrix from the Pale Moon project, the vulnerability was fixed in release 4.4.9.
A strict blocking filter is usually defined at the domain level and means that all connections are blocked, even when following a link directly. The vulnerability is caused by the fact that when navigating to a page that is subject to a strict blocking filter, the user is shown a warning that provides information about the blocked resource, including the URL and query parameters. The problem is that uBlock Origin parses the request parameters recursively and adds them to the DOM tree without taking into account the nesting level.
When handling a specially crafted URL in uBlock Origin for Chrome, it is possible to crash the process running the browser add-on. After a crash, until the process with the add-on is restarted, the user is left without blocking unwanted content. Firefox is experiencing memory exhaustion.
Source: opennet.ru